Jeffery To [Tue, 28 Feb 2023 06:36:12 +0000 (14:36 +0800)]
python-packaging: Update to 23.0, add host build
This also adds myself as maintainer, and marks the target package as
BROKEN (for now) as the update requires proper support for
pyproject.toml-based builds.
Jeffery To [Mon, 27 Feb 2023 14:15:30 +0000 (22:15 +0800)]
python-installer: Add host-only package
From the README:
This is a low-level library for installing a Python package from a wheel
distribution. It provides basic functionality and abstractions for
handling wheels and installing packages from wheels.
Oskari Rauta [Tue, 28 Mar 2023 18:46:20 +0000 (21:46 +0300)]
rust: update to 1.68.1
also add new variable CARGO_VARS to make it possible
to pass environment variables for cargo process.
This is necessary when for example, cross-compiling
netavark.
Dirk Brenken [Thu, 30 Mar 2023 16:00:15 +0000 (18:00 +0200)]
banip: update to 0.8.2-5
* fixed missing version number when installed as separate package (not in build)
* fixed cornercase init and mailing issues
* sorted Country list by country names ascending
* fixed some shellcheck findings
Florian Eckert [Wed, 19 Oct 2022 08:40:18 +0000 (10:40 +0200)]
net-snmp: rename stop_service to service_stopped
The commands in the function 'stop_service' do not stop the service.
Rather, they are commands that are to be executed when the service has
already been stopped. By renaming the function, the commands are now
executed after the service has been stopped.
Jeffery To [Sat, 25 Feb 2023 11:42:39 +0000 (19:42 +0800)]
python: Add pyproject.toml-based builds for host Python packages
Using pip to install host packages with pyproject.toml-based (PEP 517)
builds is problematic:
* If build isolation is used, pip will create an isolated build
environment, install any build dependencies for the requested package,
then build the requested package.
It does not appear currently possible to have pip install the build
dependencies with hash-checking mode enabled[1].
* If build isolation is not used, any build dependencies must be
installed in the build environment before invoking pip to build the
requested package[2].
This would require creating a package dependency resolution system to
install build dependencies, and any dependencies of dependencies, in
the correct order.
* It is very difficult to patch the packages installed by pip.
This adds a new include file (python3-host-build.mk) with recipes to
install host Python packages with pyproject.toml-based builds. This is
backwards-compatible with packages that require running setup.py.
Besides addressing the above issues (the OpenWrt build system already
resolves dependencies between packages, checks all source downloads
against known hashes, and supports patching packages), host packages
also:
* Capture package licensing and maintainer information
* Enable uscan checking for package updates/CVEs
* Are a known concept for OpenWrt packagers/developers
The existing functionality of using host pip to install packages will
remain for now, but should be considered deprecated and expected to be
removed in the future.
This also updates Py3Build/CheckHostPipVersionMatch for the case where
the host-pip-requirements directory does not exist or is empty.
Jeffery To [Thu, 2 Mar 2023 15:35:00 +0000 (23:35 +0800)]
python: Unset Python environment variables
This will prevent the user's environment variables from affecting host
Python, removing the need to manually override these variables.
It is also not necessary to set PYTHONPATH (when not working on target
Python packages) because the given directories are already included in
Python's search path by default.
Oskari Rauta [Sun, 26 Mar 2023 17:10:55 +0000 (20:10 +0300)]
netbird: update to 0.14.5
Release Notes
Management
- Introduce a new ACL engine based on Rego (Open Policy Agent) for firewall control
- Personal access tokens generation as a first iteration toward public API release
- Add Keycloak support as an IDP manager
Agent
- Introduce a Firewall interface to apply granular access control (e.g., connection direction, port, or protocol level)
- Make the agent run on Android (mobile support)
Changelog
- Feat rego default policy
- Don't drop Rules from file storage after migration to Policies
- Add version info command to signal server
- Feat firewall controller interface
- Adding Personal Access Token generation
- Exchange proxy mode via signal
- Fix connstate indication
- Mobile
- PAT persistence
- Add Keycloak Idp Manager
- Adjustments for the change server flow
- Disable peer expiration of peers added with setup keys
- Add JWT middleware validation failure log
Julien Malik [Tue, 7 Feb 2023 22:34:10 +0000 (23:34 +0100)]
borgbackup: add missing dependencies
The initial package submission was missing
some required and optional dependencies
due to lack of testing on a system without any python
related packages pre-installed.
Some optional but highly recommended dependencies
were discovered with the stdlib module as described in:
https://github.com/openwrt/packages/blob/392a68e24774294590abf9c08ea1832f2cee190d/lang/python/README.md
- Update haproxy PKG_VERSION and PKG_HASH
- This release includes a fix for an OOB write. The official notes
do not list a CVE entry but I guess there is a chance for
security implications
- See changes: http://git.haproxy.org/?p=haproxy-2.6.git;a=shortlog
Tianling Shen [Sun, 19 Mar 2023 06:07:48 +0000 (14:07 +0800)]
rust: refactor build helper
Added new RustBinPackage, RustBinHostBuild wrapper.
Added new RUST_PKG_FEATURES flag.
Moved CARGO_HOME to STAGING_DIR_HOSTPKG.
Overrode default Build/Compile and Host/Compile to Cargo build.
Dirk Brenken [Wed, 22 Mar 2023 18:15:01 +0000 (19:15 +0100)]
banip: update to 0.8.2-3
* raise max. timeouts from 10 to 30 seconds to stabilize the autodetection on slow hardware
* made interface trigger action configurable, set 'ban_triggeraction' accordingly (default: 'start')
* made E-Mail notifications configurable to receive status E-Mais with every banIP run,
set 'ban_mailnotification' accordingly (default: disabled)
* small fixes & optimizations
* readme update
When package A depends on package B (package B is a dependency of
package A; package A is a dependent of package B), trying to remove
package B while package A is installed will result in an error. Adding
--force-removal-of-dependent-packages in this case will cause the
removal of package B and package A (package B's dependent).
But in the case of the CI testing step, it is package A that is being
installed and removed. Removing package A with
--force-removal-of-dependent-packages will not cause package B (package
A's dependency) to be removed.
This adds --autoremove to actually remove the package's dependencies.
This also ignores any errors returned by opkg remove as --autoremove can
sometimes falsely return an error[1].
Dirk Brenken [Mon, 20 Mar 2023 19:27:19 +0000 (20:27 +0100)]
adblock: update to 4.1.5-7
* fix cornercase issue with duplicate entries in black- and whitelist
* change cpbl source URL
* firewall redirects now blocks IPv4 and IPv6 (set family to "any")
Quintin Hill [Fri, 10 Mar 2023 22:49:03 +0000 (22:49 +0000)]
python-dbus-fast: add package
This package is a dependency of bleak. Building and installing this package via
pip on a router is not difficult and the build crashes when memory is
exhausted.
Jeffery To [Thu, 16 Mar 2023 03:19:10 +0000 (11:19 +0800)]
golang: Update to 1.20.2, refresh patch
Includes fixes for:
* 1.20.1:
* CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
* CVE-2022-41723: net/http: avoid quadratic complexity in HPACK
decoding
* CVE-2022-41724: crypto/tls: large handshake records may cause panics
* CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
* 1.20.2:
* CVE-2023-24532: crypto/elliptic: specific unreduced P-256 scalars
produce incorrect results
Michal Vasilek [Thu, 16 Feb 2023 09:20:13 +0000 (10:20 +0100)]
git: update to 2.39.2
GITWEB_* variable values don't work as they should since 2.38, so let's
remove them and add a workaround. This issue was reported in
https://lore.kernel.org/git/80eb3972-4960-5727-ce86-acc3a4425fd4@nic.cz/T/#u
Oskari Rauta [Sun, 12 Mar 2023 16:30:35 +0000 (18:30 +0200)]
zerotier: do not allow executable stack
zerotier as default has executable stack.
[ 11.343143] process '/usr/bin/zerotier-one' started with executable stack
executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.
Stack is executable on x86_64, but not on all archs, such as ramips.
git.99rst.org / openwrt-packages.git / log